Research article. DOI: 10.1145/3316781.3317762

Adversarial Attack on Microarchitectural Events based Malware Detectors

Published: 02 June 2019

Abstract

To overcome the performance overheads incurred by traditional software-based malware detection techniques, Hardware-assisted Malware Detection (HMD) using machine learning (ML) classifiers has emerged as a panacea to detect malicious applications and secure systems. To classify benign and malicious applications, HMD primarily relies on low-level microarchitectural events captured through Hardware Performance Counters (HPCs). This work creates an adversarial attack on HMD systems that tampers with their security by introducing perturbations in the HPC traces with the aid of an adversarial sample generator application. To craft the attack, we first deploy an adversarial sample predictor to predict the adversarial HPC pattern for a given application to be misclassified by the ML classifier deployed in the HMD. Further, as the attacker has no direct access to manipulate the HPCs generated during runtime, we devise, based on the output of the adversarial sample predictor, an adversarial sample generator wrapped around a normal application to produce HPC patterns similar to the adversarial predictor's HPC trace. As the crafted adversarial sample generator application does not perform any malicious operations, it is not detectable with traditional signature-based malware detection solutions. With the proposed attack, malware detection accuracy has been reduced to 18.04% from 82.76%.



Published In

DAC '19: Proceedings of the 56th Annual Design Automation Conference 2019
June 2019
1378 pages
ISBN:9781450367257
DOI:10.1145/3316781
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Malware detection
  2. adversarial learning
  3. adversarial malware
  4. hardware security
  5. hardware-assisted security
  6. machine learning

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

DAC '19

Acceptance Rates

Overall Acceptance Rate 1,770 of 5,499 submissions, 32%
